Our Cybersecurity Program and its associated security practices and policies are based on the National Institute of Standards & Technology (NIST) Cybersecurity Framework (CF) and the International Organization for Standardization (ISO) Standards. We employ a holistic approach that includes security measures throughout the employee lifecycle, from onboarding through employee development to offboarding. We take this responsibility seriously above all because we know our customers entrust us with helping them manage their most important asset – their data.
Best Practices
Security Awareness
Blue Yonder ensures that all employees complete annual cybersecurity awareness and data privacy training, which includes awareness of emerging risks. The training reinforces best practices to protect data and keep information systems secure at home and at work.
Access Management
At Blue Yonder we support formal processes that govern how access is granted to authorized individuals according to the level of access required for them to perform their job duties. Access is provisioned by role and under the principle of least privilege. Our controls include multi-factor authentication requirements and the use of unique IDs and strong passwords. We continue to monitor access management processes and controls for effectiveness.
Governance and Risk Management
We undergo independent verification of our security, privacy, and compliance controls. Blue Yonder follows a risk-based approach to cybersecurity risk management and our methodology supports planning, mitigation and countermeasures. Our formal risk management program allows us to address threats to our assets and resources by conducting assessments and understanding the impact they may have. We also maintain a formal vendor management program, including vendor security reviews to ensure compliance with our cybersecurity objectives.
Data Protection
Blue Yonder maintains a Cybersecurity Policy, Access Control Policy, Acceptable Use Policy and an Information Classification Standard, which govern the responsibilities and practices of our organization to protect data. We are continuously focused on improving our product development standards and we regularly monitor the effectiveness of our security controls. Our practice is to inventory, track and manage all of our information system assets. Various industry-standard encryption technologies are used across our environments to protect data-at-rest and in-transit.
Application Security
Secure software development is top of mind to minimize risks. Application analysis includes internal security testing at the code level (static analysis) and application level (dynamic analysis) for select products in support of our compliance objectives. Security best practices are incorporated into our development lifecycle to regularly identify, manage, assess, mitigate and/or remediate vulnerabilities.
Vulnerability Management
Blue Yonder conducts vulnerability scanning and patching in accordance with documented frequencies defined in established policies and procedures. Blue Yonder ensures vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures are designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
Security Operations Center (SOC)
Blue Yonder has various technical controls suitable for detecting potential incidents on networks, endpoints, and applications. Blue Yonder maintains security incident response plans based on NIST standards to manage response to security events, and they are tested on at least an annual basis. The organization utilizes separate data center locations and leverages a centralized Security Information and Event Management (SIEM) solution to aggregate and correlate logs (from system files, security files, etc.) for greater insight into the security of the environment. Through 24x7 threat detection capability, logs are continuously monitored.